Re: Moving from ipset to nftables

On 06/01/2019 17:52, Amish wrote:
> Create a separate table which handles just sets.
> 
> nft list ruleset - will list everything.
> 
> nft list table foo - will list only the table foo which would not have sets
I think I do that, but why does listing the tables take so much time?

This is the full set of rules:

#  time nft list ruleset > /dev/null
nft list ruleset > /dev/null  1.36s user 4.11s system 96% cpu 5.681 total

This is the raw table without any sets:

#  time nft list table raw > /dev/null
nft list table raw > /dev/null  0.90s user 3.91s system 96% cpu 4.991 total

And this is the raw-set table with sets:

#  time nft list table raw-set > /dev/null
nft list table raw-set > /dev/null  1.41s user 4.11s system 97% cpu 5.666 total

Almost 5s for returning the following output?

# nft list table raw
table ip raw {
        chain PREROUTING {
                type filter hook prerouting priority -300; policy accept;
                jump notrack-in
        }

        chain OUTPUT {
                type filter hook output priority -300; policy accept;
        }

        chain notrack-in {
                iifname "lo" counter packets 1209 bytes 84124 notrack
        }
}

Is there something I could do to speed this up?

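To locate where the listing time goes, the measurement above can be repeated per table. The script below is an added example written for this thread, not code from the original message or from the nftables project: it parses `nft list tables`, counts the sets each table holds, and times `nft list table <family> <name>` for each one plus the full ruleset. It assumes `nft` is run as root and that `date +%s%N` is available (GNU coreutils); the table and set listings are parsed from constructed sample text for the stand-alone run, and only the `nft` calls need a live system.

```shell
#!/bin/sh
# Per-table timing of nft listings (added example, not from the original post).
# Assumes: root, nftables' `nft` binary, GNU `date` for nanosecond timestamps.

# Turn `nft list tables` output ("table <family> <name>") into "<family> <name>".
parse_tables() {
    awk '$1 == "table" && NF >= 3 { print $2, $3 }'
}

# Count the sets in `nft list sets <family> <table>` output (lines starting "set <name> {").
count_sets() {
    awk '$1 == "set" { n++ } END { print n + 0 }'
}

# Wall-clock milliseconds spent by a command; output is discarded as in the post.
elapsed_ms() {
    start=$(date +%s%N)
    "$@" > /dev/null
    end=$(date +%s%N)
    echo $(( (end - start) / 1000000 ))
}

# Time every table separately, then the whole ruleset, printing one line per table.
time_each_table() {
    if ! command -v nft > /dev/null 2>&1; then
        echo "nft not found; nothing to time" >&2
        return 1
    fi
    printf '%-6s %-20s %5s %8s\n' family table sets ms
    nft list tables | parse_tables | while read -r family name; do
        sets=$(nft list sets "$family" "$name" | count_sets)
        ms=$(elapsed_ms nft list table "$family" "$name")
        printf '%-6s %-20s %5d %8d\n' "$family" "$name" "$sets" "$ms"
    done
    ms=$(elapsed_ms nft list ruleset)
    printf '%-6s %-20s %5s %8d\n' - ruleset - "$ms"
}

# Constructed sample input (mirrors the tables named in the message) so the
# parsers can be exercised without a live nftables ruleset.
SAMPLE_TABLES='table ip raw
table ip raw-set
table inet filter'

SAMPLE_SETS='table ip raw-set {
	set blocklist4 {
		type ipv4_addr
		elements = { 192.0.2.1, 192.0.2.2 }
	}
	set blocklist6 {
		type ipv6_addr
	}
}'

# Run the real measurement only when invoked directly as root with nft present.
if [ "${1:-}" = "--run" ]; then
    time_each_table
fi
```

Run it as `sh timing.sh --run` on the host; the `sets` column shows whether the slow table is the one carrying sets, and comparing the per-table `ms` with the ruleset total shows whether the cost is per table or per set. Note that the user/system split in the original `time` output is not reproduced here; wall-clock time is what the table reports.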

